
Tutorial: IP header explained

Over the internet, data is sent through packets. If you are new to this term, you might want to look at Warriors of the Net - a movie made by Ericsson, explaining how data is sent over the internet in a simplified way.

Each of these packets has a header, telling the routers on the internet how and where this packet has to go. You could compare the header with an address you write on a letter, telling the mailman where it has to go.

In this tutorial, I will show you how this header is constructed.

Typically, a header consists of 32-bit words, or 'groups of 4 bytes,' as shown by the image.

Version
This field indicates the IP-version used for this packet. Typically 4.

Length
This indicates the length of the header of this packet.

Type of Service
These are rarely used. If one or more of these bits are set, they indicate how routers should handle this packet.

Total length of packet
What it says: the total length of the packet, including this header and including the data sent.

Identification
A number identifying this packet. Numbering packets is useful when fragmenting packets. See Fragmentation Offset.

Flags
The first of these bits is reserved for future use. For now, it should be set to 0.
The second bit indicates whether this packet may be fragmented by the router (0) or not (1).
The third bit tells the receiver whether this was the last fragment of the packet (0) or not (1).

Fragmentation Offset
If the total length is too large for a network to handle, it is divided into smaller packets. These packets all have the same identification number. If, for example, a packet 150 bytes large is sent, but the network can only handle packets with a maximum size of 100 bytes, the original packet is fragmented into two others: the first will be 100 bytes large and will have a fragmentation offset of 0 (first fragment). The second will be 50 bytes long, and will have an offset of 50. Furthermore, it will have set its third Flag, telling the receiver this is the last fragment of the packet. Now, the receiver can completely reconstruct the original packet.

Time to Live
This is used to make sure no packet will wander through the internet for eternity. Each router that handles this packet will deduct at least 1 from the Time to Live value. If a router receives a packet with a TTL of 1 or 0, it will discard the packet, and send a message to the source indicating that the TTL-value has reached zero. This message is used by traceroute programs: if you send out a packet to a destination, but you deliberately set the TTL-value within the packet too small, one of the routers between you and the destination will give you a reply. By adding 1 to the TTL and resending the packet, the next router on the way will send you such a message. This way, you can get messages from (and thus identify) all routers between you and the destination.

Protocol
The protocol used in the packet. Typically 06 for TCP or 17 for UDP.

Header Checksum
Before sending, the sender calculates a checksum using data from this packet. The receiver calculates this checksum again - if the value was changed, the receiver can tell that the packet was damaged during transit.
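
The fields described in the tutorial above, decoded from a raw header and checked against the header checksum, as an added example that is not part of the original post. It follows RFC 791, where the Length field counts 32-bit words and the fragment offset is stored in 8-byte units. The function names and the sample header (documentation addresses 192.0.2.1 and 198.51.100.7) are constructed for illustration.

```python
import struct

def checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    header_len = ihl * 4                     # Length field counts 32-bit words
    if version != 4 or header_len < 20 or header_len > len(packet):
        raise ValueError("not a well-formed IPv4 header")
    return {
        "version": version, "header_len": header_len, "tos": tos,
        "total_len": total_len, "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),    # second flag bit
        "more_fragments": bool(flags_frag & 0x2000),   # third flag bit
        "frag_offset": (flags_frag & 0x1FFF) * 8,      # stored in 8-byte units
        "ttl": ttl, "protocol": proto,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        # An intact header sums to zero when its checksum field is included.
        "checksum_ok": checksum(packet[:header_len]) == 0,
    }

def build_sample() -> bytes:
    """Constructed sample: TCP, TTL 64, DF set, 192.0.2.1 -> 198.51.100.7."""
    fields = [0x45, 0, 40, 0x1C46, 0x4000, 64, 6, 0,
              bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])]
    raw = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = checksum(raw)                # computed with the field zeroed
    return struct.pack("!BBHHHBBH4s4s", *fields)

def damage_ttl(packet: bytes) -> bytes:
    """Change the TTL byte without updating the checksum (simulated damage)."""
    return packet[:8] + bytes([packet[8] - 1]) + packet[9:]

if __name__ == "__main__":
    good = build_sample()
    print(parse_ipv4_header(good))
    print(parse_ipv4_header(damage_ttl(good))["checksum_ok"])
```
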

Originally posted by jackthekiller:
Is IP number based on country or by location? Or maybe the number was put randomly over the net? Could you explain that?

Okay... in the beginning, they made a bunch of numbers to use. 0.0.0.0 through 255.255.255.255, and some of them were set aside for internal networks, others for testing, 127.x.x.x for loop-back, etc.

Basically it's pretty random, and who controls the numbers is something of a debate. (Read about the ICANN or Internic for more information.) Anyway, some companies got big blocks of addresses early on, before the internet really took off, and ownership of these blocks has often changed around, been re-sold, etc. For instance, you get your IP from your ISP, right? They might have reserved it from another humungous company.

Although sometimes the IP DOES correlate to a geographical location or country, that's mainly because a bunch of similar addresses are in use there. But there is no IP -> Country list, with what countries get what blocks of IP addresses. Countries DO, however, control their top-level-domains (These are not the same as IP addresses, they are just a short-term way for you to find the addresses by searching a DNS server), such as .au, .uk, .cn, .jp... (Australia, United Kingdom, China, Japan...)